Blue Cross and Blue Shield of Alabama is the largest provider of healthcare benefits in Alabama, providing coverage to more than 2.9 million people in Alabama and other areas of the country. We employ over 3,500 people at our corporate headquarters in Birmingham, Alabama, as well as service centers and satellite offices throughout Alabama. In business since 1936, Blue Cross is a solid, stable company that is positioned for growth in the 21st century. Our customers are individuals representing nearly 20,000 companies, including many of the state's and country's largest corporations, as well as small businesses with as few as two employees. Today's dynamic healthcare market requires that we identify and utilize the best available talent to provide outstanding value and service for our customers. At Blue Cross, our strategy is simple: serve customers through value-driven quality products and services. We are in the people business, and our corporate values reflect this. That's why we're called "The Caring Company." We've been cited for excellence in performance, financial strength, innovation and human resources. Yet, we do not rest on past achievements or laurels. Each day brings an opportunity to create something better. This same standard of excellence and concern for others extends to our associates. Blue Cross and Blue Shield of Alabama is an Independent Licensee of the Blue Cross and Blue Shield Association.

Blue Cross and Blue Shield of Alabama A.I CyberSecurity Scoring

BCBSA

Company Details

LinkedIn ID: blue-cross-blue-shield-of-alabama
Number of employees: 2,657
Number of followers: 20,967
NAICS: 524
Industry Type: Insurance
Homepage: alabamablue.com
IP Addresses: 0
Company ID: BLU_2643657
Scan Status: In-progress

BCBSA Risk Score (AI oriented)

Between 650 and 699

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

BCBSA Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

BCBSA Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 1
Blue Cross and Blue Shield of Alabama
Data Leak
Severity: 85
Impact: 4
Seen: 11/2021
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: Blue Cross and Blue Shield (BCBS) of Alabama suffered a data breach incident that affected around 8,700 individuals connected to the organization. The exposed information included contact and demographic information, Social Security numbers, clinical information, and financial information. BCBS, however, notified all the impacted individuals affected by the breach.

Blue Cross and Blue Shield of Alabama
Data Leak
Severity: 85
Impact: 4
Seen: 11/2023
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one of the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. Threat actors were able to obtain patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals. The following organisations, on behalf of which Welltok is delivering notice to affected individuals, are Asuris Northwest Health, BridgeSpan Health, Blue Cross and Blue Shield of Minnesota, Blue Cross and Blue Shield of Alabama, Blue Cross and Blue Shield of Kansas, Blue Cross and Blue Shield of North Carolina, Corewell Health, Faith Regional Health Services, Mass General, Brigham Health Plan, Priority Health, Regence BlueCross BlueShield of Oregon, Regence BlueShield, Regence BlueCross BlueShield of Utah, Regence Blue Shield of Idaho, St. Bernards Healthcare, and Sutter Health.

Underwriter Stats for BCBSA

Incidents vs Insurance Industry Average (This Year)

No incidents recorded for Blue Cross and Blue Shield of Alabama in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Blue Cross and Blue Shield of Alabama in 2025.

Incident Types BCBSA vs Insurance Industry Avg (This Year)

No incidents recorded for Blue Cross and Blue Shield of Alabama in 2025.

Incident History — BCBSA (X = Date, Y = Severity)

BCBSA cyber incidents detection timeline including parent company and subsidiaries

BCBSA Similar Companies

Assurant

Assurant is a leading global business services company that supports, protects, and connects major consumer purchases. A Fortune 500 company with a presence in 21 countries, Assurant supports the advancement of the connected world by partnering with the world’s leading brands to develop innovative s

State Life Insurance Pakistan

The Life Insurance Business in Pakistan was nationalized in March 1972. Initially, the Life Insurance business of 32 Insurance Companies was merged and placed under three Beema Units named “A”, “B” and “C” Beema Units. However, later these Beema Units were merged, and effective November 1, 1972, the

CNO Financial Group

CNO Financial Group, Inc. (NYSE: CNO) secures the future of middle-income America. CNO provides life and health insurance, annuities, financial services, and workforce benefits solutions through our family of brands, including Bankers Life, Colonial Penn, Optavise and Washington National. Our cus

Allianz Partners

Allianz Partners is a world leader in B2B2C insurance and assistance, offering global solutions that span international health and life, travel insurance, automotive and assistance. Customer driven, our innovative experts are redefining insurance services by delivering future-ready, high-tech high-t

AAA-The Auto Club Group

AAA - The Auto Club Group (ACG) is the second largest AAA club in North America, serving more than 13+ million members across 14 U.S. states, the province of Quebec, Puerto Rico, and the U.S. Virgin Islands. For over 100 years, AAA has provided safety, security, and peace of mind. ACG advances AAA’

Brown & Brown

Brown & Brown delivers risk management solutions to help protect and preserve what our customers value most. Our two business segments, Retail and Specialty Distribution, offer businesses and individuals a wide range of insurance solutions. We are one of the insurance industry’s most powerful and i

Swiss Re

The Swiss Re Group is a leading wholesale provider of reinsurance, insurance and other insurance-based forms of risk transfer. Dealing direct and working through brokers, its global client base consists of insurance companies, mid-to-large-sized corporations and public sector clients. From standard

Vienna Insurance Group (VIG)

Vienna Insurance Group (VIG) is the leading insurance group in the entire Central and Eastern European (CEE) region. More than 50 insurance companies and pension funds in 30 countries form a Group with a long-standing tradition, strong brands and close customer relations. Around 30,000 employees in

Allstate

At Allstate, we're advocates for peace of mind and a good life. And that comes through in everything we do. From building innovative teams that truly understand our customers' needs, to challenging each other to develop our careers in a meaningful way, and finally to the incredible results we're a

BCBSA CyberSecurity News

November 12, 2025 09:40 PM
Modern data management is powering nonprofit innovation

Learn how Blue Cross Blue Shield of Alabama is using modern data management and Kubernetes to improve agility and innovation.

November 06, 2025 01:29 PM
Best Medicare Advantage Plans In Alabama In 2025

Plan options from Aetna, Anthem, BCBS, Cigna, Humana, and more. Licensed, experienced and dedicated Medicare professionals are here to help you navigate your...

October 30, 2025 07:00 AM
Turkey Bowl to serve 1,000 meals for needy families

MOBILE, Ala. (WKRG) — The 6th Annual Turkey Bowl will offer football and free Thanksgiving meals for families in need, according to the...

October 13, 2025 07:00 AM
Medicare Advantage star ratings 2026: Winners and losers

Nonprofit health insurance companies fared poorly in the 2026 Medicare Advantage star ratings relative to their for-profit rivals.

October 02, 2025 07:00 AM
Best Health Insurance Companies Of 2025

Kaiser Permanente is the best health insurance company for those looking for Affordable Care Act plans. See which insurers topped the list...

August 21, 2025 07:00 AM
Court approves Blue Cross’ $2.8B antitrust deal with providers

Blue Cross and Blue Shield health insurance companies still face antitrust allegations from nearly 6500 providers.

August 20, 2025 07:00 AM
Blue Cross Blue Shield Gets Final Approval of $2.8 Billion Deal

Blue Cross Blue Shield gained final approval of a $2.8 billion class action antitrust settlement, putting to rest claims by doctors,...

August 20, 2025 07:00 AM
$2.8B BCBS Antitrust Deal Approved With $759M For Attys

An Alabama federal judge has approved a $2.8 billion settlement between Blue Cross Blue Shield and a class of medical providers in a...

August 19, 2025 07:00 AM
US judge approves $2.8 billion Blue Cross settlement with health providers

A U.S. judge in Alabama on Tuesday granted final approval to a class action settlement requiring insurer Blue Cross Blue Shield to pay $2.8...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

BCBSA CyberSecurity History Information

Official Website of Blue Cross and Blue Shield of Alabama

The official website of Blue Cross and Blue Shield of Alabama is http://www.AlabamaBlue.com.

Blue Cross and Blue Shield of Alabama’s AI-Generated Cybersecurity Score

According to Rankiteo, Blue Cross and Blue Shield of Alabama’s AI-generated cybersecurity score is 670, reflecting their Weak security posture.

How many security badges does Blue Cross and Blue Shield of Alabama have?

According to Rankiteo, Blue Cross and Blue Shield of Alabama currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Blue Cross and Blue Shield of Alabama have SOC 2 Type 1 certification?

According to Rankiteo, Blue Cross and Blue Shield of Alabama is not certified under SOC 2 Type 1.

Does Blue Cross and Blue Shield of Alabama have SOC 2 Type 2 certification?

According to Rankiteo, Blue Cross and Blue Shield of Alabama does not hold a SOC 2 Type 2 certification.

Does Blue Cross and Blue Shield of Alabama comply with GDPR?

According to Rankiteo, Blue Cross and Blue Shield of Alabama is not listed as GDPR compliant.

Does Blue Cross and Blue Shield of Alabama have PCI DSS certification?

According to Rankiteo, Blue Cross and Blue Shield of Alabama does not currently maintain PCI DSS compliance.

Does Blue Cross and Blue Shield of Alabama comply with HIPAA?

According to Rankiteo, Blue Cross and Blue Shield of Alabama is not compliant with HIPAA regulations.

Does Blue Cross and Blue Shield of Alabama have ISO 27001 certification?

According to Rankiteo, Blue Cross and Blue Shield of Alabama is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Blue Cross and Blue Shield of Alabama

Blue Cross and Blue Shield of Alabama operates primarily in the Insurance industry.

Number of Employees at Blue Cross and Blue Shield of Alabama

Blue Cross and Blue Shield of Alabama employs approximately 2,657 people worldwide.

Subsidiaries Owned by Blue Cross and Blue Shield of Alabama

Blue Cross and Blue Shield of Alabama presently has no subsidiaries across any sectors.

Blue Cross and Blue Shield of Alabama’s LinkedIn Followers

Blue Cross and Blue Shield of Alabama’s official LinkedIn profile has approximately 20,967 followers.

NAICS Classification of Blue Cross and Blue Shield of Alabama

Blue Cross and Blue Shield of Alabama is classified under the NAICS code 524, which corresponds to Insurance Carriers and Related Activities.

Blue Cross and Blue Shield of Alabama’s Presence on Crunchbase

No, Blue Cross and Blue Shield of Alabama does not have a profile on Crunchbase.

Blue Cross and Blue Shield of Alabama’s Presence on LinkedIn

Yes, Blue Cross and Blue Shield of Alabama maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/blue-cross-blue-shield-of-alabama.

Cybersecurity Incidents Involving Blue Cross and Blue Shield of Alabama

As of November 27, 2025, Rankiteo reports that Blue Cross and Blue Shield of Alabama has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Blue Cross and Blue Shield of Alabama has an estimated 14,858 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Blue Cross and Blue Shield of Alabama?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.

How does Blue Cross and Blue Shield of Alabama detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy: BCBS notified all the impacted individuals affected by the breach.

Incident Details

Can you provide details on each incident?

Incident: Data Breach

Title: Blue Cross and Blue Shield of Alabama Data Breach

Description: Blue Cross and Blue Shield (BCBS) of Alabama suffered a data breach incident that affected around 8,700 individuals connected to the organization.

Type: Data Breach

Incident: Data Breach

Title: Welltok Data Breach

Description: The U.S. healthcare services business Welltok revealed a data breach that affected around 8.5 million patients. The business was one among the targets of a widespread hacking campaign that took advantage of a zero-day vulnerability in the MOVEit Transfer programme. Threat actors were able to obtain patient information, including phone numbers, physical addresses, email addresses, and full names. Threat actors also obtained specific health insurance details, Medicare/Medicaid ID numbers, and Social Security numbers (SSNs) for some of the affected individuals.

Type: Data Breach

Attack Vector: Zero-day vulnerability in MOVEit Transfer programme

Vulnerability Exploited: MOVEit Transfer programme

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Data Leak.

Impact of the Incidents

What was the impact of each incident?

Incident: Data Breach BLU2255251222

Data Compromised: Contact and demographic information, Social Security numbers, Clinical information, Financial information

Incident: Data Breach BLU357271123

Data Compromised: Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are contact and demographic information, Social Security numbers, clinical information, financial information, phone numbers, physical addresses, email addresses, full names, health insurance details, Medicare/Medicaid ID numbers and Social Security numbers (SSNs).

Which entities were affected by each incident?

Incident: Data Breach BLU2255251222

Entity Name: Blue Cross and Blue Shield of Alabama
Entity Type: Health Insurance Provider
Industry: Healthcare
Location: Alabama
Customers Affected: 8,700

Incident: Data Breach BLU357271123

Entity Name: Welltok
Entity Type: Healthcare Services
Industry: Healthcare
Location: U.S.
Customers Affected: 8.5 million patients

Other entities listed for incident BLU357271123, each with Entity Type: Healthcare Services, Industry: Healthcare, Location: U.S.:

  • Asuris Northwest Health
  • BridgeSpan Health
  • Blue Cross and Blue Shield of Minnesota
  • Blue Cross and Blue Shield of Alabama
  • Blue Cross and Blue Shield of Kansas
  • Blue Cross and Blue Shield of North Carolina
  • Corewell Health
  • Faith Regional Health Services
  • Mass General
  • Brigham Health Plan
  • Priority Health
  • Regence BlueCross BlueShield of Oregon
  • Regence BlueShield
  • Regence BlueCross BlueShield of Utah
  • Regence Blue Shield of Idaho
  • St. Bernards Healthcare
  • Sutter Health

Response to the Incidents

What measures were taken in response to each incident?

Incident: Data Breach BLU2255251222

Communication Strategy: BCBS notified all the impacted individuals affected by the breach.

Data Breach Information

What type of data was compromised in each breach?

Incident: Data Breach BLU2255251222

Type of Data Compromised: Contact and demographic information, Social Security numbers, Clinical information, Financial information

Number of Records Exposed: 8,700

Personally Identifiable Information: Contact and demographic information, Social Security numbers

Incident: Data Breach BLU357271123

Type of Data Compromised: Phone numbers, Physical addresses, Email addresses, Full names, Health insurance details, Medicare/Medicaid ID numbers, Social Security numbers (SSNs)

Number of Records Exposed: 8.5 million

Sensitivity of Data: High

Investigation Status

How does the company communicate the status of incident investigations to stakeholders?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders as follows: BCBS notified all the impacted individuals affected by the breach.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident?

Incident: Data Breach BLU2255251222

Customer Advisories: BCBS notified all the impacted individuals affected by the breach.

What advisories does the company provide to stakeholders and customers following an incident?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: BCBS notified all the impacted individuals affected by the breach.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident?

Most Significant Data Compromised: The most significant data compromised in an incident were contact and demographic information, Social Security numbers, clinical information, financial information, phone numbers, physical addresses, email addresses, full names, health insurance details, Medicare/Medicaid ID numbers and Social Security numbers (SSNs).

Data Breach Information

What was the most sensitive data compromised in a breach?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were health insurance details, full names, physical addresses, financial information, Social Security numbers (SSNs), Social Security numbers, phone numbers, contact and demographic information, Medicare/Medicaid ID numbers, clinical information and email addresses.

What was the number of records exposed in the most significant breach?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 8.5M.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued?

Most Recent Customer Advisory: The most recent customer advisory issued was: BCBS notified all the impacted individuals affected by the breach.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, Angular's HTTP client leaks the XSRF token via protocol-relative URLs. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=blue-cross-blue-shield-of-alabama' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

  • Incident
  • Finding
  • Grade
  • Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
